<?xml version="1.0" encoding="utf-8"?> 
<rss version="2.0"
  xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd"
  xmlns:atom="http://www.w3.org/2005/Atom">

<channel>

<title>Oleg Andreev: posts tagged cryptography</title>
<link>https://oleganza.com/tags/cryptography/</link>
<description>Software designer and crypto-anarchy historian. about • twitter • telegram</description>
<author></author>
<language>en</language>
<generator>Aegea 11.4 (v4171e)</generator>

<itunes:owner>
<itunes:name></itunes:name>
<itunes:email>oleganza@gmail.com</itunes:email>
</itunes:owner>
<itunes:subtitle>Software designer and crypto-anarchy historian. about • twitter • telegram</itunes:subtitle>
<itunes:image href="https://oleganza.com/pictures/userpic/userpic-square@2x.jpg?1686684482" />
<itunes:explicit>no</itunes:explicit>

<item>
<title>The renaissance of cryptography</title>
<guid isPermaLink="false">20</guid>
<link>https://oleganza.com/all/renaissance-of-cryptography/</link>
<pubDate>Fri, 12 Oct 2018 22:35:20 +0000</pubDate>
<author></author>
<comments>https://oleganza.com/all/renaissance-of-cryptography/</comments>
<description>
&lt;p&gt;This is a declaration of a new era.&lt;/p&gt;
&lt;p&gt;Cryptography was almost exclusively a military technology for centuries. When millions of personal computers connected to the internet in the 1990s, cryptography graduated from a munition to an industrial tool to secure credit card payments over a global, open and hostile environment.&lt;/p&gt;
&lt;p&gt;For the next 20 years cryptographic research and engineering were very vibrant, but culminated in a loud confirmation by Edward Snowden that the &lt;b&gt;resulting products were not good enough&lt;/b&gt;. SSL, PGP and other protocols turned out to be insecure, their implementations were buggy and hard to maintain, all cryptographic primitives are broken and/or easy to misuse (MD5, RC4, RSA). High-level protocols were full of design and engineering mistakes and full of misunderstandings. The whole discipline had a culture of &lt;a href="https://youtu.be/Gs9lJTRZCDc?t=47m58s"&gt;abstinence-only cryptography&lt;/a&gt; and, as a result, poor engineering standards mixed with academic hubris and sabotage by the governments. 20 years of real-world cryptography produced a few useful artifacts and a lot of mess.&lt;/p&gt;
&lt;p&gt;Then, three things started to happen:&lt;/p&gt;
&lt;p&gt;First, &lt;b&gt;personal computers and the internet reached very deep into the lives of almost everyone&lt;/b&gt;. Individuals now store their entire life in affordable pocket computers, businesses run all their operations over the internet, governments routinely participate in cyberwars. The importance of securing information shifted from “good to have” to “actively desirable”. Apple, the most valuable corporation on Earth, is selling billions of computers with &lt;i&gt;security&lt;/i&gt; and &lt;i&gt;privacy&lt;/i&gt; as one of their main selling points.&lt;/p&gt;
&lt;p&gt;Second, &lt;b&gt;Bitcoin and blockchains happened&lt;/b&gt;. Things envisioned by Nick Szabo, Hal Finney, Wei Dai, Tim May and other cypherpunks back in the 1990s finally started to materialize. The internet discovered a whole new continent: with “wild west” anarchy, “gold rushes”, and massive real and fictional opportunities. On that continent excellence in cryptography is no longer simply desirable, but becomes vitally important: unauthorized access to data now equates to the immediate loss of an unbounded amount of highly liquid assets.&lt;/p&gt;
&lt;p&gt;Finally, a &lt;b&gt;new generation of software engineers has grown up&lt;/b&gt;, who have an enormous enthusiasm to fix mistakes of the past and bring cryptographic engineering to a new level: with clean designs, excellent documentation, record-breaking performance, safety and usability, and, most importantly, strong ethics.&lt;/p&gt;
&lt;p&gt;Today we have &lt;b&gt;robust cryptographic building blocks&lt;/b&gt; that are not only safer and faster, but also designed to be composable and extensible to build on top of them with confidence: such as &lt;a href="http://keccak.team/"&gt;Keccak&lt;/a&gt;, &lt;a href="https://github.com/miscreant/miscreant/wiki/AES-SIV"&gt;AES-SIV&lt;/a&gt; and &lt;a href="https://ristretto.group"&gt;Ristretto&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;We have &lt;b&gt;better programming languages&lt;/b&gt; (Rust, Go, Swift) where engineering can be done with clarity, safety and ease. Pure Rust libraries such as &lt;a href="https://miscreant.io"&gt;Miscreant&lt;/a&gt; and &lt;a href="https://dalek.rs"&gt;Dalek&lt;/a&gt; set a new bar for all cryptography engineers.&lt;/p&gt;
&lt;p&gt;For the first time ever, the &lt;b&gt;ambitious ideas of zero-knowledge proofs&lt;/b&gt; that were stuck in academic papers for many years are finally implemented for the blockchain applications: &lt;a href="https://z.cash"&gt;Zcash&lt;/a&gt;, &lt;a href="https://elementsproject.org/elements/confidential-transactions/"&gt;Confidential Transactions&lt;/a&gt;, &lt;a href="https://getmonero.org"&gt;Monero&lt;/a&gt; and &lt;a href="https://crypto.stanford.edu/bulletproofs/"&gt;Bulletproofs&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;We are living in a renaissance era of cryptography: &lt;b&gt;we have fantastic tools, amazing people and strong demand for high-quality cryptographic products with direct financial incentives&lt;/b&gt;. We are now at a lift-off point: we have a strong foundation to build upon with confidence. Now is the best time ever to learn and work with cryptography. Expect truly transformative technologies to come out of this mix in the coming years.&lt;/p&gt;
</description>
</item>

<item>
<title>Assets is the new cryptographic primitive</title>
<guid isPermaLink="false">33</guid>
<link>https://oleganza.com/all/assets-is-the-new-cryptographic-primitive/</link>
<pubDate>Tue, 28 Mar 2017 08:00:00 +0000</pubDate>
<author></author>
<comments>https://oleganza.com/all/assets-is-the-new-cryptographic-primitive/</comments>
<description>
&lt;p&gt;Computer science, and applied cryptography in particular, has a hierarchy of building blocks, where higher-order blocks are composed of lower-order blocks.&lt;/p&gt;
&lt;p&gt;Roughly, the hierarchy looks like this:&lt;/p&gt;
&lt;ol start="1"&gt;
&lt;li&gt;Charge and current in electric circuits&lt;/li&gt;
&lt;li&gt;Bits&lt;/li&gt;
&lt;li&gt;Bytes &amp; words&lt;/li&gt;
&lt;li&gt;Data structures&lt;/li&gt;
&lt;li&gt;Permutations: block ciphers, hash functions&lt;/li&gt;
&lt;li&gt;Self-authenticated data structures (e. g. hash-trees)&lt;/li&gt;
&lt;li&gt;Symmetric encryption and authentication&lt;/li&gt;
&lt;li&gt;Public key cryptography: digital signatures, shared secrets, asymmetric encryption.&lt;/li&gt;
&lt;li&gt;Certificates and chains of trust (e. g. X.509, PGP web of trust)&lt;/li&gt;
&lt;li&gt;Timestamped append-only logs (e. g. Certificate Transparency)&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;Blockchain protocols are made of these building blocks in order to offer a new kind of building block: the &lt;b&gt;digital asset&lt;/b&gt;.&lt;/p&gt;
&lt;p&gt;Digital assets simplify and expand some schemes that struggle with lower-level primitives such as digital signatures and certificates.&lt;/p&gt;
&lt;p&gt;&lt;b&gt;In money:&lt;/b&gt; digital assets are bearer instruments that can be exchanged between parties that do not trust each other, while signatures only facilitate point-to-point exchange between trusting parties.&lt;/p&gt;
&lt;p&gt;&lt;b&gt;In supply chains:&lt;/b&gt; digital assets represent certificates of acceptance enabling end-to-end security for each participant in the supply chain, automating provenance and improving security of payments. E. g. a payment can be locked by the condition that a particular set of certificates is produced, instead of deferring it to a third-party escrow, which increases the surface of vulnerability.&lt;/p&gt;
&lt;p&gt;&lt;b&gt;In consumer payments:&lt;/b&gt; digital assets are used to represent not only payment instruments (cash, rewards, loyalty points), but also receipts and sometimes products themselves (tickets and prepaid cards).&lt;/p&gt;
&lt;p&gt;&lt;b&gt;In things:&lt;/b&gt; digital assets represent access tokens to devices running tamper-resistant computers that can be efficiently delegated, used as collateral, bought and sold. E. g. lockboxes, vending machines and cars.&lt;/p&gt;
&lt;p&gt;&lt;b&gt;What about smart contracts?&lt;/b&gt; Aren’t those the next higher-order primitive? Not quite. Smart contracts use formal language to describe context-specific policy, so their impact depends on that context. Smart contracts inside a public key infrastructure (e. g. certificates) enable more sophisticated signing rules, but only within the limitations and assumptions of such infrastructure. Smart contracts that control digital assets take advantage of their bearer instrument nature, secured by the entire blockchain network that acts as a very slow and very secure computer. Smart contracts are important, but play a supportive role in systems built on top of digital assets.&lt;/p&gt;
&lt;p&gt;Whenever you wonder how a blockchain protocol could help with a given problem, reframe the question in terms of digital assets. &lt;b&gt;If there is something that can be defined as a digitally transferable thing and can benefit from automation and improved security of such transfers, then you have a reason to consider blockchain as part of your design.&lt;/b&gt; If not, then blockchain is probably not what you need: it would be either irrelevant (e. g. health records on blockchain) or grossly inefficient (e. g. arbitrary computation environment).&lt;/p&gt;
&lt;p&gt;&lt;i&gt;Originally &lt;a href="https://blog.oleganza.com/post/158936776253/assets-is-the-new-cryptographic-primitive"&gt;published&lt;/a&gt; on March 28, 2017&lt;/i&gt;&lt;/p&gt;
</description>
</item>


</channel>
</rss>